Pinentry please. Thank you

Project information: zx2c4 pass manager extension for Firefox, Chrome and Opera

Name: Pinentry
Homepage: GitHub - passff/passff: zx2c4 pass manager extension for Firefox, Chrome and Opera
License: GPL-2.0

An extension point would need to be implemented for each browser on Flathub similar to how the SDK extensions work for the IDEs. This requires each Flatpak browser maintainer’s cooperation, which unfortunately isn’t a simple endeavor. Others have already requested a portal to help with this.

In the meantime, I personally recommend at minimum the following override(s), depending on if your home directory is already mounted:

filesystems = home/.gnupg/pubring.kbx:ro;home/.password-store:ro;
sockets = gpg-agent;

You can then add to the sandbox (change based on your path):

Note that I use browserpass instead of passff

flatpak document-export --allow-read --app=org.mozilla.firefox /usr/share/passff/

You can then get the path of where it will be mounted using:

flatpak documents --columns=all | grep 'passff'

Once you have the mount point, you’ll want to review the Flatpak instructions, usually somewhere here, for the browser you use and find out how they use “unmaintained” extensions to add a native messaging manifest, and change the path to match your exported native messaging host script/executable.

You can probably use flatpak-spawn instead as you’ll see others recommending, but this is more insecure as it allows a malicious app to escape from the sandbox entirely.